@sveltejs/adapter-auto No license 2 versions

@sveltejs/adapter-auto

npm Repository Homepage

Versions

—

License

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

rich_harrissvelte-adminconduitrydominik_g

Keywords

adapterautomaticallydeployhostingplatformsveltesveltekit

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
semgrep	semgrep:env-spread	AI (semgrep): Standard child-process env inheritance pattern for a build adapter; stable for this package.	ai	2026/05/29

Versions (showing 2 of 2)

Version	Deps	Published
7.0.1	0 / 5	2026-02-12
7.0.0	0 / 5	2025-10-16

v7.0.1

2 findings

HIGH env-spread: index.js:115 semgrep

Spreading entire process.env into an object — may capture all secrets 113 | execSync(command, { 114 | stdio: 'inherit', > 115 | env: { 116 | ...process.env, 117 | NODE_ENV: undefined

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v7.0.0

2 findings

HIGH env-spread: index.js:115 semgrep

Spreading entire process.env into an object — may capture all secrets 113 | execSync(command, { 114 | stdio: 'inherit', > 115 | env: { 116 | ...process.env, 117 | NODE_ENV: undefined

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.